Subject: Re: [PATCH v6 0/3] LSM: security module information improvements
From: Casey Schaufler
To: James Morris
Cc: LSM, John Johansen, Paul Moore, Kees Cook, Stephen Smalley, Tetsuo Handa, LKLM
Date: Fri, 28 Oct 2016 08:22:09 -0700
Message-ID: <7606f7b6-c4e0-4897-83bc-2b67abb55a2f@schaufler-ca.com>

On 10/28/2016 2:28 AM, James Morris wrote:
> On Thu, 27 Oct 2016, Casey Schaufler wrote:
>
>> The 3/3 patch is forward looking, I'll admit. Userspace
>> can start getting ready for the combined format in
>> advance of multiple major modules. When complete module
>> stacking patches are available I don't want to be addressing
>> "no userspace is set up to handle that" if at all possible.
>> I don't want to be Chicken or Egged to death. The attr/context
>> would be the ideal thing for the id command to report, as
>> the format would always be the same and identify the module(s).
> We do not add speculative infrastructure to the kernel.

Fair enough. Development for the attr/context interface
in userspace can be done out of tree. There is support
for the other two patches, and I would very much like to
see them accepted.

>
> There is no consensus that we need major module stacking, and some of the
> technical issues (network secids, for example) are also as yet unresolved.
>
>
> - James